Network Access Control (NAC) is a computer networking solution that uses a set of protocols to define and implement a policy that describes how to secure access to network nodes by devices when they initially attempt to access the network. NAC might integrate the automatic remediation process (fixing non-compliant nodes before allowing access) into the network systems, allowing the network infrastructure such as routers, switches and firewalls to work together with back office servers and end user computing equipment to ensure the information system is operating securely before interoperability is allowed. Network Access Control aims to control access to a network with policies, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do.
When a computer connects to a computer network, it is not permitted to access anything unless it complies with a business defined policy. Once the policy is met, the computer is able to access network resources and the Internet, according to the policies defined within the NAC system. Access to the network will be given according to profile of the person. For example, in an enterprise, a member of the human resources department may access only human resources department files.
Organizations may offer one or more cloud services to users over a network (e.g., the Internet). The cloud services may include computation, software, data access, storage services, etc. that physically reside elsewhere (e.g., another computer or the organizations data center) which users can access from their own computer or device over the network. Since sensitive information may be sent to or received from these cloud services, corporate policy may dictate that a user have a certain level of security or protection on the device being used to access the cloud services. Given the myriad of different devices and networks an individual may use to access these cloud services and the different types of information that may be transmitted, implementing a consistent and secure access policy may be difficult.